packages feed

xss-sanitize 0.3.5.4 → 0.3.5.5

raw patch · 2 files changed

+4/−4 lines, 2 filesdep ~utf8-stringPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: utf8-string

API changes (from Hackage documentation)

Files

README.md view
@@ -55,7 +55,7 @@  Ultimately this is where your security comes from. I would expect that a faulty white list would act as a strong deterrent, but this library strives for correctness. -The [source code of html5lib](http://code.google.com/p/html5lib/source/browse/python/html5lib/sanitizer.py) is the source of the white list and my implementation reference. If you feel a tag is missing from the white list, check to see if it has been added there.+The [source code of html5lib](https://github.com/html5lib/html5lib-python/blob/master/html5lib/sanitizer.py) is the source of the white list and my implementation reference. If you feel a tag is missing from the white list, check to see if it has been added there.  If anyone knows of better sources or thinks a particular tag/attribute/value may be vulnerable, please let me know. [HTML Purifier](http://htmlpurifier.org/live/smoketests/printDefinition.php) does have a more permissive and configurable (yet safe) white list if you are looking to add anything.
xss-sanitize.cabal view
@@ -1,5 +1,5 @@ name:            xss-sanitize-version:         0.3.5.4+version:         0.3.5.5 license:         BSD3 license-file:    LICENSE author:          Greg Weber <greg@gregweber.info>@@ -21,7 +21,7 @@ library     build-depends:    base == 4.*, containers                     , tagsoup     >= 0.12.2   && < 1-                    , utf8-string >= 0.3      && < 1+                    , utf8-string >= 0.3      && < 1.1                     , css-text    >= 0.1.1    && < 0.2                     , text        >= 0.11     && < 2                     , attoparsec  >= 0.10.0.3 && < 1@@ -41,7 +41,7 @@     cpp-options: -DTEST     build-depends:    base == 4.* , containers                     , tagsoup     >= 0.12.2   && < 1-                    , utf8-string >= 0.3      && < 1+                    , utf8-string >= 0.3      && < 1.1                     , css-text    >= 0.1.1    && < 0.2                     , text        >= 0.11     && < 2                     , attoparsec  >= 0.10.0.3 && < 1